<?php
/* -------------------------------------------------------------------------------------
* 	ID:						$Id: account_password.php 150 2013-09-22 07:52:01Z phone.mueller@googlemail.com $
* 	Letzter Stand:			$Revision: 150 $
* 	zuletzt geaendert von:	$Author: siekiera $
* 	Datum:					$Date: 2013-09-22 07:52:01 +0000 (Sun, 22 Sep 2013) $
*
* 	SEO:mercari by Siekiera Media
* 	http://www.seo-mercari.de
*
* 	Copyright (c) since 2011 SEO:mercari
* --------------------------------------------------------------------------------------
* 	based on:
* 	(c) 2000-2001 The Exchange Project  (earlier name of osCommerce)
* 	(c) 2002-2003 osCommerce - www.oscommerce.com
* 	(c) 2003     nextcommerce - www.nextcommerce.org
* 	(c) 2005     xt:Commerce - www.xt-commerce.com
*
* 	Released under the GNU General Public License
* ----------------------------------------------------------------------------------- */

include ('includes/application_top.php');

$smarty = new smarty();

require (DIR_FS_CATALOG.'templates/'.CURRENT_TEMPLATE.'/source/boxes.php');
require_once (DIR_FS_INC.'inc.validate_password.php');
require_once (DIR_FS_INC.'inc.encrypt_password.php');

if(!isset ($_SESSION['customer_id']))
	redirect(href_link(FILENAME_LOGIN, '', 'SSL'));

require(DIR_WS_CLASSES.'class.input_fields.php');
$field = new input_fields('create_account', $_POST);

$password = $field->getField('password');
$confirmation = $field->getField('confirmation');

if((isset($_POST['action']) && ($_POST['action'] == 'process')) && $field->error != 'true') {
	$password_current = $_POST['password_current'];

	$check_customer = $db->db_query("SELECT 
										customers_password 
									FROM 
										".TABLE_CUSTOMERS." 
									WHERE 
										customers_id = '".(int)$_SESSION['customer_id']."'");

	if(validate_password($password_current, $check_customer->fields['customers_password'])) {
		$db->db_query("UPDATE 
							".TABLE_CUSTOMERS." 
						SET 
							customers_password = '".encrypt_password($field->post_vars['password'])."', 
							customers_last_modified = NOW() 
						WHERE 
							customers_id = '".(int)$_SESSION['customer_id']."'");

		$db->db_query("UPDATE 
							".TABLE_CUSTOMERS_INFO." 
						SET 
							customers_info_date_account_last_modified = NOW() 
						WHERE 
							customers_info_id = '".(int)$_SESSION['customer_id']."'");

		$message_stack->add_session(SUCCESS_PASSWORD_UPDATED, 'success');
		redirect(href_link(FILENAME_ACCOUNT, '', 'SSL'));
		
	} else
		$message_stack->add(ERROR_CURRENT_PASSWORD_NOT_MATCHING, 'error');
}

$breadcrumb->add(NAVBAR_TITLE_1_ACCOUNT_PASSWORD, href_link(FILENAME_ACCOUNT, '', 'SSL'));
$breadcrumb->add(NAVBAR_TITLE_2_ACCOUNT_PASSWORD, href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'));

require(DIR_WS_INCLUDES.'header.php');

$smarty->assign('FORM_ACTION', draw_form('account_password', href_link(FILENAME_ACCOUNT_PASSWORD, '', 'SSL'), 'POST').draw_hidden_field('action', 'process'));
$smarty->assign('INPUT_ACTUAL', draw_password_field('password_current').' <span class="inputRequirement">*</span>');
$smarty->assign('INPUT_NEW', $password);
$smarty->assign('INPUT_CONFIRM', $confirmation);
$smarty->assign('BUTTON_BACK', '<a href="'.href_link(FILENAME_ACCOUNT, '', 'SSL').'">'.image_button('button_back.gif', IMAGE_BUTTON_BACK).'</a>');
$smarty->assign('BUTTON_SUBMIT', image_submit('button_continue.gif', IMAGE_BUTTON_CONTINUE));
$smarty->assign('FORM_END', '</form>');

$smarty->assign('language', $_SESSION['language']);

$smarty->caching = false;
$main_content = $smarty->fetch(CURRENT_TEMPLATE.'/module/account_password.html');

$smarty->assign('language', $_SESSION['language']);
$smarty->assign('main_content', $main_content);
$smarty->caching = false;
$smarty->loadFilter('output', 'note');
$smarty->loadFilter('output','trimwhitespace');
$smarty->display(CURRENT_TEMPLATE.'/index.html');
include ('includes/application_bottom.php');
?>